https://bz.apache.org/bugzilla/show_bug.cgi?id=64306

            Bug ID: 64306
           Summary: Error "AH01977: failed reading line from OCSP server"
                    with local OCSP proxy due to timeout
           Product: Apache httpd-2
           Version: 2.4.38
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: major
          Priority: P2
         Component: mod_ssl
          Assignee: bugs@httpd.apache.org
          Reporter: vincent-apa...@vinc17.net
  Target Milestone: ---

Due to bug 57121 / bug 60182, I've been using a local OCSP proxy since
2020-03-18, as suggested in bug 57121 comment 4, using

        SSLOCSPProxyURL http://localhost:8888/

in the /etc/apache2/mods-available/ssl.conf file. I had no problems for a
couple of weeks, but an hour ago, I got an OCSP error, and when I looked at the
Apache error logs, I saw:

[Sat Apr 04 01:08:02.538928 2020] [ssl:error] [pid 25395:tid 140479203022592]
(70007)The timeout specified has expired: [client 157.55.39.253:4878] AH01977:
failed reading line from OCSP server
[Sat Apr 04 01:08:02.577255 2020] [ssl:error] [pid 25395:tid 140479203022592]
[client 157.55.39.253:4878] AH01980: bad response from OCSP server: (none)
[Sat Apr 04 01:08:02.577385 2020] [ssl:error] [pid 25395:tid 140479203022592]
AH01941: stapling_renew_response: responder error

According to the ocsp_proxy logs, Apache httpd connects to the proxy every
hour, and the last one was:

Apr 04 01:07:54 joooj ocsp_proxy[7642]: [info] connection from ::1:33004

I assume that this is the one that led to the timeout.

At this time, according to journalctl information, the machine was idle (one
log message at 01:05:19, and the next one after ocsp_proxy at 01:08:16), so
that there are external reasons for a timeout.

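An added triage example (not part of the original report, and not httpd or ocsp_proxy code): it pairs each AH01977 entry with the most recent ocsp_proxy connection logged before it and reports the seconds between the two, using the log lines quoted in the report. The function names, the 60-second correlation window and the assumption that both logs fall in the same year are choices made for this example.

```python
import re
from datetime import datetime, timedelta

# Log lines quoted in the report (each wrapped Apache entry joined onto one line).
APACHE_LOG = """\
[Sat Apr 04 01:08:02.538928 2020] [ssl:error] [pid 25395:tid 140479203022592] (70007)The timeout specified has expired: [client 157.55.39.253:4878] AH01977: failed reading line from OCSP server
[Sat Apr 04 01:08:02.577255 2020] [ssl:error] [pid 25395:tid 140479203022592] [client 157.55.39.253:4878] AH01980: bad response from OCSP server: (none)
[Sat Apr 04 01:08:02.577385 2020] [ssl:error] [pid 25395:tid 140479203022592] AH01941: stapling_renew_response: responder error
"""
PROXY_LOG = "Apr 04 01:07:54 joooj ocsp_proxy[7642]: [info] connection from ::1:33004\n"

APACHE_RE = re.compile(r"^\[(\w{3} \w{3} \d{2} [\d:.]+ \d{4})\] .*?\b(AH\d{5}):")
PROXY_RE = re.compile(r"^(\w{3} \d{2} [\d:]{8}) \S+ ocsp_proxy\[\d+\]: \[info\] connection from (\S+)")

def apache_events(text, code="AH01977"):
    """Timestamps of Apache error-log entries carrying the given AH code."""
    out = []
    for line in text.splitlines():
        m = APACHE_RE.match(line)
        if m and m.group(2) == code:
            out.append(datetime.strptime(m.group(1), "%a %b %d %H:%M:%S.%f %Y"))
    return out

def proxy_connections(text, year):
    """(timestamp, peer) per proxy connection; journal lines carry no year (assumed same year)."""
    out = []
    for line in text.splitlines():
        m = PROXY_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            out.append((ts, m.group(2)))
    return out

def correlate(apache_text, proxy_text, window=timedelta(seconds=60)):
    """Pair each AH01977 with the latest proxy connection inside the window before it."""
    results = []
    for failed_at in apache_events(apache_text):
        conns = [c for c in proxy_connections(proxy_text, failed_at.year)
                 if timedelta(0) <= failed_at - c[0] <= window]
        if conns:
            started, peer = max(conns)  # latest connection; proxy stamps have 1 s resolution
            results.append((failed_at, peer, (failed_at - started).total_seconds()))
        else:
            results.append((failed_at, None, None))  # no proxy connection seen in the window
    return results

if __name__ == "__main__":
    for failed_at, peer, waited in correlate(APACHE_LOG, PROXY_LOG):
        print(failed_at, peer, waited)
```

An entry with no matching proxy connection comes back with `None` for the peer and delay, which separates requests that never reached the proxy from requests the proxy accepted but did not answer in time.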